.htaccess - 'deny from' is not working
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Everything else
- :
- .htaccess - 'deny from' is not working
.htaccess - 'deny from' is not working
23-10-2008 4:29 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have put an .htaccess file into the relevant areas (CHMOD 644) which starts:
order deny,allow
deny from 196.219.108.155
deny from 87.118.108.229
deny from keymachine.de
My previous attempt started:
order allow,deny
deny from 196.219.108.155
deny from 87.118.108.229
deny from keymachine.de
allow from all
Has anyone any suggestions as to why both of these fail to prevent keymachine.de looking at my sites and triggereing my PHP-based trackers?
Any suggestions would be welcome.
Tony
Re: .htaccess - 'deny from' is not working
23-10-2008 5:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Also I have never seen blocking by IP address or domain working in htaccess in the past anyway.
Re: .htaccess - 'deny from' is not working
23-10-2008 9:27 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
How can they read the PHP file (to be able to execute it) when it is located on the ccgi server with an .htaccess file in the same directory?
In tests, I have been able to block myself from an html file located in a test directory on the ccgi server with a .htaccess file containing my IP address.
I will try further tests with a PHP file tomorrow and see if that is blocked.
Tony
Re: .htaccess - 'deny from' is not working
23-10-2008 9:39 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It sounds like the IP blocking is working but it did not in the past.
Re: .htaccess - 'deny from' is not working
23-10-2008 9:52 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It could be done as an 'include' file at the start of all of my PHP files although it would, of course, mean increased file access access and processing time. At least with an include file I would only have one list to maintain.
Re: .htaccess - 'deny from' is not working
24-10-2008 9:47 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I created a folder called 'protected' in the root of my website and put a .htaccess file in there
I then created another folder called 'admin' inside the 'protected' folder
so now i have got
mainarea/protected/admin
all my php files that i want to protect are in the 'admin' folder which itself is protected by .htaccess
if anybody attempts to get to any file in the 'admin' folder, they have to log on
I know it's a slightly different application than yours Tony W but it works for me so maybe you can prevent unwanted ip addresses by using the lines in your .htaccess file but put your php files in a protected folder
Re: .htaccess - 'deny from' is not working
24-10-2008 11:57 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As you say, the problem I have is slightly different from yours in that I do not want everyone to have to enter a password to run the PHP file.
I have just had a thought and will try a PHP file which is blank except for one line which includes another file. I will give the other file a .htm extension. With a bit of luck they won’t be able to read the contents of the .htm file.
I will post later with the results.
Re: .htaccess - 'deny from' is not working
24-10-2008 12:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Does .htaccess work better on Plesk? Have you considered that route Tony?
Ian
Re: .htaccess - 'deny from' is not working
24-10-2008 1:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My way of thinking was that the 'admin' folder is protected by the .htaccess file and therefore anything thats in the 'admin' folder is protected by virtue of the fact that it's inside a proteced area regardless of php or html or any other file type.
The more i think about this though the more i think it's not going to suit Tony's application because of the fact that in my case the .htaccess was accompanied by a .htpasswd file which meant that if you want to view the files inside 'admin', you have to log on which I know is not what Tony wants.
Sorry Tony if I gave you false hopes.
The plesk control panel provides a 'Protected Directories' feature which creates a similar scenario to that of mine so that might not suit Tony either.
Re: .htaccess - 'deny from' is not working
24-10-2008 4:43 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Huge apologies to Peter Vaughan - I actually got IP blocking to work on my Homepages site and have failed totally with the ccgi server.
I thought that I might be able to have a nearly blank PHP file on the ccgi server which just does an 'include' of a file on the Homepages server. I could then set up an .htaccess file on the Homepages server to deny the IPs.
That way I could stop the active contents of the PHP file from being accessed by the blocked IPs since they would not be able to read the Homepages content and would just see a blank PHP file.
I tried this and failed again. The PHP file could still read (and use) the Homepages include file, although attempts to access it directly - by putting its URL straight into a browser - were blocked.
So, it looks like it is going to have to be filtering in PHP and exiting if the IP matches e.g. if (eregi("keymachine",$hostname)) {exit;};
I was also looking at this as a way of blocking bandwidth hogs - particular visitors using download accelerators which can do many partial-content downloads totaling of tens of megabytes even though the visitor has actually only requested a single sub-megabyte file. We are penalised for going over the webspace bandwidth limit but seem to have too few tools available to counter rogue visitors.
Tony
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Everything else
- :
- .htaccess - 'deny from' is not working